Bug 833114 - Repositories Delete Selected Repository button leads to exception page when no permission is given
Keywords:
Status: CLOSED CURRENTRELEASE
Alias: None
Product: JBoss Operations Network
Classification: JBoss
Component: Content
Version: JON 3.1.1
Hardware: All
OS: All
medium
high
Target Milestone: ER01
: JON 3.2.0
Assignee: Jay Shaughnessy
QA Contact: Mike Foley
URL:
Whiteboard:
Depends On: 831152
Blocks:
Reported: 2012-06-18 15:42 UTC by Charles Crouch
Modified: 2015-02-01 23:28 UTC

Fixed In Version:
Clone Of: 831152
Environment:
Last Closed:
Type: Bug
Embargoed:


Attachments
repo-delete.png (104.29 KB, image/png)
2013-10-16 13:59 UTC, Armine Hovsepyan

Description Charles Crouch 2012-06-18 15:42:15 UTC
+++ This bug was initially created as a clone of Bug #831152 +++

Created attachment 591161
delete repo

Description of problem:
For a user with "Manage Repositories" permission unchecked, Delete repository shows a red error (with some source data) at the top of the page

Version-Release number of selected component (if applicable):
JON - Version: 3.1.0.ER6

How reproducible:
always

Steps to Reproduce:
1. Log in with rhqadmin super user
2. Create role "testRole" with Manage Repositories unchecked
3. Create "testUser" user with this role
4. Log in with "testUser"
5. Click Administration navigation tab
6. Click Repositories sub navigation on the left hand side
7. Click on "Create New" and by filling name and description create new repo
8. Select created repository
9. Click Delete Selected button

Actual results:
Red error with some source data [like "invocation: method=public void org.rhq.enterprise.server.content.ContentSourceManagerBean.purgeOrphanedPackageVersions(org.rhq.core.domain.auth.Subject),context-data={}" ] is visible on the top of the page

Expected results:
After step97. "?????" Either Delete button is not visible, or just no error is shown, or the error doesn't contain "source" data  ???????

Additional info:
please get attached screenshot

--- Additional comment from jshaughn on 2012-06-15 16:53:53 EDT ---


This is odd.  We let a user without MANAGE_REPOSITORIES create a repo.  I think the delete operation generating a permission exception is actually correct.  I'm not sure why we allow create to work, it seems that should fail as well although maybe I don't know all the semantics.

Perhaps the Administration->Repositories should be disabled for a user without MANAGE_REPOSITORIES permission.  But that is GUI issue, the create is potentially an SLSB level issue.

--- Additional comment from jshaughn on 2012-06-18 10:09:14 EDT ---


OK, looking at the code, the create seems OK.  We allow a user to create a private repository.  And, lacking MANAGE_REPOSITORIES, we ensure that it is set private even if the global option is requested.

So, the problem here is that the user can not then delete his own repo.  That is a real problem.  I'm taking this...

--- Additional comment from jshaughn on 2012-06-18 11:38:12 EDT ---


master commit 5a8b4196beed872022861c0d4110a652c0f5c013
A private repo should be able to be deleted by its owner, even if the owner
does not have MANAGE_REPOSITORIES permission.
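
The access rule worked out in the comments above (create forces a private repo without MANAGE_REPOSITORIES; delete is allowed for the owner of a private repo), as an added example that is not RHQ's code and not part of the original report. All class, method and field names are assumptions made for illustration, and the denial message deliberately omits the invoked server method.

```java
import java.util.*;

// Illustrative model only: class, method and field names are assumptions, not RHQ's API.
public class RepoAuthzExample {
    enum Permission { MANAGE_REPOSITORIES }

    static final class Subject {
        final String name;
        final Set<Permission> perms;
        Subject(String name, Set<Permission> perms) { this.name = name; this.perms = perms; }
        boolean has(Permission p) { return perms.contains(p); }
    }

    static final class Repo {
        final String name, owner;
        final boolean isPrivate;
        Repo(String name, String owner, boolean isPrivate) {
            this.name = name; this.owner = owner; this.isPrivate = isPrivate;
        }
    }

    static final Map<String, Repo> STORE = new HashMap<>();

    // Create is open to every user, but a caller without MANAGE_REPOSITORIES
    // always gets a private repo, even when a global one was requested.
    static Repo create(Subject s, String name, boolean wantPrivate) {
        Repo r = new Repo(name, s.name, wantPrivate || !s.has(Permission.MANAGE_REPOSITORIES));
        STORE.put(name, r);
        return r;
    }

    // Delete is allowed for managers, and for the owner of a private repo.
    static void delete(Subject s, Repo r) {
        boolean ownsPrivate = r.isPrivate && r.owner.equals(s.name);
        if (!s.has(Permission.MANAGE_REPOSITORIES) && !ownsPrivate) {
            // User-facing text names the action only, not the server method invoked.
            throw new SecurityException("Not permitted to delete repository '" + r.name + "'");
        }
        STORE.remove(r.name);
    }

    public static void main(String[] args) {
        Subject testUser = new Subject("testUser", EnumSet.noneOf(Permission.class));
        Subject other = new Subject("otherUser", EnumSet.noneOf(Permission.class));
        Repo r = create(testUser, "demo", false);   // global requested, stored as private
        System.out.println("private=" + r.isPrivate);
        try { delete(other, r); } catch (SecurityException e) { System.out.println(e.getMessage()); }
        delete(testUser, r);                         // owner may delete without the permission
        System.out.println("remaining=" + STORE.size());
    }
}
```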

Comment 1 Charles Crouch 2012-06-18 15:42:28 UTC
Per triage, target 3.2

Comment 2 Jay Shaughnessy 2012-06-18 16:05:33 UTC
This is fixed upstream.

Comment 3 Heiko W. Rupp 2013-08-12 08:25:57 UTC
This was done upstream and will thus be in er1

Comment 4 Armine Hovsepyan 2013-10-16 13:58:55 UTC
double-checked on jon 3.2 er3

Comment 5 Armine Hovsepyan 2013-10-16 13:59:20 UTC
Created attachment 812939
repo-delete.png